
ACL for CobraNet traffic, Ethernet protocol identifier (0x8819)


Ron_Prague
New Contributor II
I work for an audio engineering company and thus have audio engineers constantly plugging the wrong things into the wrong ports and introducing various traffic to my network. I'd like to put an ACL together to limit CobraNet traffic to one particular vlan only instead of having it constantly show up on desktop vlan(s).

The Ethernet Protocol Identifier is 0x8819, I just don't know how to write an ACL using that information to catch the traffic.

JS4
Extreme Employee
Hello Ron,



You would have two ways to implement this:

If you use "dynamic ACL" [assuming you want to deny it on a "desktop" vlan], what you could do is

# create the ACL rule
create access-list Cobranet-deny "ethernet-type 0x8819;" "count cobranet-pkt; deny;"

# for each desktop vlan
configure access-list add "Cobranet-deny" first vlan "Desktop" ingress

X670-48x.8 # sh access-list dynamic rule "Cobranet-deny"
entry Cobranet-deny {
    if match all {
        ethernet-type 0x8819 ;
    } then {
        count cobranet-pkt ;
        deny ;
} }

X670-48x.9 # sh access-list dynamic counter
Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
* * ingress
cobranet-pkt 0





If you use a policy file, the ACL would probably look like this



# create a policy file
X670-48x.17 # edit policy cobranet

# edit policy cobranet
entry Cobranet {
    if {
        ethernet-type 0x8819;
    } then {
        deny ;
        count cobranet;
    }
}

# apply the policy file to a vlan
X670-48x.14 # configure access-list cobranet vlan default

X670-48x.15 # show access-list
Vlan Name Port Policy Name Dir Rules Dyn Rules
===================================================================
Default * cobranet ingress 1 1

X670-48x.16 # show access-list counter
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
cobranet Default * ingress
cobranet 0





There is a good document around ACL: https://www.extremenetworks.com/wp-content/uploads/2014/10/ACL_Solutions_Guide.pdf
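Added example, not part of the reply above or of Extreme's documentation: a Python check that reads raw Ethernet frames (for instance from a mirror-port capture), skips any 802.1Q/802.1ad tags to reach the real EtherType, and reports CobraNet (0x8819) frames seen outside the permitted VLAN. The function names, the VLAN IDs (20 audio, 10 desktop), the native VLAN of 1 and the sample frames are assumptions made up for the illustration.

```python
import struct

COBRANET_ETHERTYPE = 0x8819      # EtherType quoted in the thread
VLAN_TPIDS = {0x8100, 0x88A8}    # 802.1Q and 802.1ad tag identifiers


def parse_frame(frame: bytes):
    """Return (vlan_id or None, ethertype) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, vlan_id = 12, None
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    # Skip stacked VLAN tags; the outermost tag decides the VLAN.
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        if vlan_id is None:
            vlan_id = tci & 0x0FFF
        offset += 4
    return vlan_id, ethertype


def stray_cobranet(frames, allowed_vlan, native_vlan=1):
    """Indexes of CobraNet frames seen outside allowed_vlan."""
    stray = []
    for i, frame in enumerate(frames):
        vlan_id, ethertype = parse_frame(frame)
        # Untagged (None) and priority-tagged (VID 0) frames use the native VLAN.
        vlan = vlan_id or native_vlan
        if ethertype == COBRANET_ETHERTYPE and vlan != allowed_vlan:
            stray.append(i)
    return stray


def make_frame(ethertype, vlan=None):
    """Constructed sample frame: placeholder MACs, zero payload."""
    macs = bytes.fromhex("ffffffffffff" "020000000001")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return macs + tag + struct.pack("!H", ethertype) + bytes(46)


# Constructed input; VLAN IDs 20 (audio) and 10 (desktop) are assumptions.
SAMPLE = [
    make_frame(0x8819, vlan=20),  # CobraNet where it belongs
    make_frame(0x8819, vlan=10),  # CobraNet on a desktop VLAN
    make_frame(0x0800, vlan=10),  # IPv4 on the desktop VLAN
    make_frame(0x8819),           # untagged CobraNet
]
print(stray_cobranet(SAMPLE, allowed_vlan=20))
```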








